Risk Management Framework

NIST 800-171

NIST 800-171 is another SP (Special Publication) developed by the National Institute of Standards and Technology (NIST) to standardize how federal agencies define Controlled Unclassified Information (CUI) and the IT security standards for those that have access to it. Unlike NIST 800-53, SP 800-171 is a set of requirements intended for federal contractors.

Framework Summary

Even though NIST 800-171 has far fewer controls than 800-53, it outlines 14 different control categories for those seeking compliance. These categories are:

  • 3.1 Access Control
  • 3.2 Awareness and Training
  • 3.3 Audit and Accountability
  • 3.4 Configuration Management
  • 3.5 Identification and Authentication
  • 3.6 Incident Response
  • 3.7 Maintenance
  • 3.8 Media Protection
  • 3.9 Personnel Security
  • 3.10 Physical Protection
  • 3.11 Risk Assessment
  • 3.12 Security Assessment
  • 3.13 System and Communications Protection
  • 3.14 System and Information Integrity

